Storefront login via messengers, order notifications through Message API, email verification in the customer account. OpenCart 3.0.x.
PHP 7.4+ with openssl, outbound HTTPS to Auth Cloud
1. Sign in to the Auth Cloud cabinet and create an application.
2. Connect at least one messenger bot (Telegram, WhatsApp or MAX) in application settings.
3. Open the application → Messages tab: copy the message API token (POST /api/v1/message/send). You will paste it into OpenCart module settings for order notifications and test sends.
4. Add your storefront origin (scheme + host, e.g. https://shop.example.com) to allowed domains — required for the widget and session API.
5. Copy the application _id — you will enter it as Application ID in OpenCart admin.
1. Download antirius-auth-cloud-opencart.zip using the button above.
2. In OpenCart admin: Extensions → Installer → upload the zip, or unpack the upload/ folder into the shop root.
3. Extensions → Extensions → Modules → Antirius Auth Cloud → Install.
4. Click Edit: Base URL, Application ID, message API token, order notification mode, bind admin phone, use “Send test” to verify delivery, then enable and save.
5. If you upgrade from an older package: reinstall the module once (or add order-history events and table antirius_customer_meta manually) so notifications work.
| Setting | Description |
|---|---|
| Status | Enable to replace the default customer login flow. |
| Base URL | Auth Cloud instance URL (e.g. https://id.antirius.com). |
| Application ID | Application _id from the cabinet. |
| Widget script URL | Optional; default {base_url}/widget.js. |
| Auto-create customer | Create a new customer record if no match is found. |
| Customer group | Default group for newly created customers. |
| User matching | Telephone only: customer.telephone must match the number from Auth Cloud. |
| Message API token | From cabinet → application → Messages. Used for order notifications and test sends. Leaving the field empty on save keeps the previously stored token. |
| Order status notifications | When admin checks “Notify customer” on an order: Email only (OpenCart mail), Messenger only (API), Both, or Customer choice (if phone and verified email). Messenger channel is chosen by Auth Cloud (Telegram / MAX / WhatsApp per app settings). |
| Send test (admin) | Sends a test message to the bound administrator phone via the message API. |
| Hide password fallback on messenger screen | No (default) — backup link to account/login?abc_bypass=1 is shown. Yes — hide the on-screen link only. |
When the order history is updated with “Notify customer”, the extension calls POST /api/v1/message/send if messenger delivery applies. OpenCart still sends email when the mode includes email. The shop does not pick Telegram vs MAX — Auth Cloud delivers via the application configuration.
Email only — Standard OpenCart mail only.
Messenger only — No OpenCart email; text to customer phone in E.164 format.
Both — Email and messenger.
Customer choice — If the customer has a verified phone and a real confirmed email, they choose email or messenger in Account → Edit. Otherwise fallback: messenger when email is a placeholder, email when a real address exists.
1. Telephone is read-only; change it only via “Re-link” / messenger bind.
2. Notifications block (when message API token is configured): “Test delivery” — customer checks that messages arrive and decides whether to use the channel.
3. Confirm email: enter a real address, receive a one-time code in the messenger on the linked phone, then confirm. Replaces placeholder @antirius.local.
4. Notification channel: radio buttons email / messenger — only when the shop uses “Customer choice” and both phone and email are verified.
1. Customer opens Account → Login (route account/login).
2. Extension redirects to extension/module/antirius_auth_cloud/login with the widget and CSRF token in session.
3. Customer completes auth in the messenger; the browser POSTs session_id to extension/module/antirius_auth_cloud/callback.
4. Shop server calls GET /api/v1/auth/session/{session_id}?type=full once, receives JWT, verifies RS256 via /.well-known/jwks.json.
5. Extension finds or creates a customer, calls $this->customer->login(), redirects to account/account or the original redirect URL.
A link to the standard OpenCart login is shown on the messenger screen by default. You can also open it directly (cookie keeps bypass mode after form POST):
index.php?route=account/login&abc_bypass=1To hide only the on-screen link, set “Hide password fallback on messenger screen” to Yes in module settings. The direct URL above still works.
Callback accepts POST only and checks the CSRF token stored in the OpenCart session (abc_auth_token). JWT is verified with the public key from JWKS; app_id in the token must match the configured Application ID. Personal profile fields come from the messenger at auth time and are not stored on Auth Cloud long-term.